Meraki

Community

Client VPN's to Meraki MX

TBee
Here to help
‎Jun 28 2023 7:50 AM
‎Jun 28 2023 7:50 AM

Client VPN's to Meraki MX

I have quoted a Meraki MX SD-WAN solution to a customer, for 1 remote site and one central site.

                1 x MX67 at the remote site

                2 x MX105 at the core site. (HA Pair)

 

The customer is planning on adding more sites on to the SD-WAN over the coming year, total maximum of 7-8 remote sites.

 

The customer would also like to connect up to 100 Client VPN (RAS) users to the MX105, the Client devices be approximately 85 Windows 11 devices and 15 Mac. What would be a reliable low cost or free option, they are currently using a free RAS client to a FortiGate. Would it be to use the VPN client inherent in the OS (Windows 11 and Mac) or Cisco AnyConnect, or would the AnyConnect just add unnecessary cost?

 

 

Labels:
0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 28 2023 8:04 AM
‎Jun 28 2023 8:04 AM

You can use a virtual Linux machine with Strongswan.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
GreenMan
Meraki Employee
Meraki Employee
‎Jun 28 2023 8:24 AM
‎Jun 28 2023 8:24 AM

I think AnyConnect (or Secure Client, as it now is) working with MX would potentially be a great solution here:   more powerful / flexible than L2TP.   Running multiple functions on the Hub MX obviously makes it work harder, so it's a matter of sizing:   use the Organization > Summary Report ftool or Security appliances to monitor load:   https://documentation.meraki.com/MX/Monitoring_and_Reporting/Device_Utilization

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 28 2023 1:10 PM
‎Jun 28 2023 1:10 PM

For 85 users - don't even think about using the Microsoft client.  You'll be buying yourself a support nightmare.

 

Stick with AnyConnect.  The most common configuration these days is SAML authentication directly against AzureAD (aka Office 365).  No servers required.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SA... 

 

Here is a list of other authentication options, including SAML options against things other than AzureAD:

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.